CN106487497B - DPA protection for RIJNDAEL algorithm - Google Patents


Info

Publication number: CN106487497B
Authority: CN (China)
Prior art keywords: block, permutation, mask, box, replacement
Legal status: Active
Application number: CN201610104642.5A
Other languages: Chinese (zh)
Other versions: CN106487497A
Inventor: N·布吕诺
Current assignee: STMicroelectronics Rousset SAS
Original assignee: STMicroelectronics Rousset SAS
Events: application filed by STMicroelectronics Rousset SAS; publication of CN106487497A; application granted; publication of CN106487497B; legal status active.

Classifications

    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04 Masking or blinding
    • H04L2209/043 Masking or blinding of tables, e.g. lookup, substitution or mapping
    • H04L2209/046 Masking or blinding of operations, operands or results of the operations
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/24 Key scheduling, i.e. generating round keys or sub-keys for block encryption

Abstract

Embodiments of the present disclosure relate to DPA protection for Rijndael algorithms. A method of protecting a Rijndael-type algorithm executed by an electronic circuit against side-channel attacks, wherein: each block of data to be encrypted or decrypted is masked with a first mask before a non-linear block substitution operation based on a substitution box is applied, and then, after the substitution, demasked with a second mask; and the substitution boxes are recalculated block by block before the non-linear operations are applied, the order in which the blocks of the substitution boxes are processed being subject to a random permutation, the permutation being exchangeable with the non-linear substitution operations.

Description

DPA protection for RIJNDAEL algorithm
Technical Field
The present disclosure relates generally to electronic circuits, and more particularly to circuits that perform an encryption algorithm known as the Rijndael algorithm, which performs the same transformation on different portions of data to be encrypted. The present disclosure more particularly relates to protecting computations performed by such algorithms from Differential Power Analysis (DPA) attacks.
Background
In many applications, electronic circuits implement algorithms for encryption, authentication, signing, and more generally for manipulating data (referred to as secret data) to which access is to be reserved to a particular user or circuit. Among the Rijndael algorithms, the algorithm known as AES (Advanced Encryption Standard, FIPS PUB 197), which processes blocks of data of a fixed size of 128 bits, is a particularly common encryption algorithm. AES applies the same transformation several times in succession to a word or message divided into blocks, based on different subkeys derived from the same key.
There are many methods (known as attacks) for attempting to discover or steal such secret data. Among them, the so-called side-channel attacks analyse the impact of the computations performed by the electronic circuit on parameters such as its power consumption or its electromagnetic radiation. A particularly common side-channel attack is known as DPA (differential power analysis). Such an attack consists in correlating the power consumption of the integrated circuit executing the algorithm with the intermediate results of the computation that involve the secret key used for encryption or decryption. In practice, a curve of the statistical correlation over time is plotted between the power consumption of the circuit while it encrypts the message and an intermediate value computed by the circuit, the latter being derived from the message to be encrypted and from a hypothesis on the secret key. Such power consumption analysis attacks are widely described in the literature (see, for example, the article "Differential Power Analysis" by Paul Kocher, Joshua Jaffe and Benjamin Jun, CRYPTO '99, Springer-Verlag LNCS 1666, pages 388 to 397, 1999).
Disclosure of Invention
Embodiments may facilitate overcoming all or part of the disadvantages of conventional methods and circuits for protecting against side channel attacks.
Embodiments provide a method of computing an AES algorithm that may facilitate overcoming all or part of the disadvantages of conventional methods.
Embodiments provide a method of verifying sensitivity of an electronic circuit executing an AES algorithm to side-channel attacks.
In an embodiment, a method protects a Rijndael-type algorithm executed by an electronic circuit against side-channel attacks, wherein:
each block of data to be encrypted or decrypted is masked with a first mask before a non-linear block substitution operation based on a substitution box is applied, and then demasked with a second mask after the substitution; and
the substitution boxes are recalculated block by block before the non-linear operation is applied, the order in which the blocks of the substitution box are processed being subject to a random permutation, which is exchangeable with the non-linear substitution operation.
According to an embodiment:
successively for each block of the substitution box:
in a first step, the rank (index) of the block is submitted to the permutation and the result is combined with a first mask;
in a second step, the block is submitted to the permutation and the result is combined with a second mask; and
the block whose rank is the result of the first step is replaced with the result of the second step.
According to an embodiment, the method comprises the steps of:
successively for each block of the substitution box:
in a first step, applying the permutation to the rank of the current block, combining the result with a first mask and storing the result in a first variable;
in a second step, applying the permutation to the current block, combining the result with a second mask and storing the result in a second variable; and
replacing the block of the substitution box whose rank is the result of the first step with the result of the second step.
According to an embodiment, the mask is a random number.
According to an embodiment, the masks all have the same size as the block.
According to an embodiment, the combination is of the XOR type.
According to an embodiment, the method is applied to AES.
An embodiment provides an electronic circuit which, in operation, implements the methods disclosed herein.
In an embodiment, a method of protecting a Rijndael-type algorithm executed by an electronic circuit against side-channel attacks comprises:
masking each block of data to be encrypted or decrypted with a first mask before applying a non-linear block substitution operation based on a first substitution box, and then, after the substitution, demasking with a second mask; wherein:
the substitution boxes are recalculated block by block before the non-linear operation is applied, the order in which the blocks of the substitution box are processed being subject to a random permutation; and
the recalculation of the substitution box uses the second mask together with a third mask and a fourth mask, the sum of the third mask and the fourth mask being equal to the first mask.
According to an embodiment:
successively for each block of the first box:
the rank of the current block is submitted to the permutation and the result is combined with the third mask;
the current block of the second box is replaced with the combination of the second mask and the block of the first box identified by the result of the permutation; and
successively for each block of the second box:
the rank of the current block is submitted to the permutation and the result is combined with the fourth mask;
the current block of the first box is replaced with the block of the second box identified by the result of the permutation.
According to an embodiment, the method comprises the steps of:
successively for each block of the first box:
in a first step, applying the permutation to the rank of the current block, combining the result with the first mask and storing the result in a first variable;
in a second step, storing in a second variable the combination of the second mask with the block of the first box whose rank is the result of applying the permutation to the rank of the current block; and
storing the result of the second step in the block of the second box identified by the result of the first step.
Successively for each block of the second box:
in a third step, applying the permutation to the rank of the current block, combining the result with the second mask and storing the result in the first variable;
in a fourth step, storing in the second variable the block of the second box whose rank is the result of applying the permutation to the current rank; and
storing the result of the fourth step in the block of the first box identified by the result of the third step.
According to an embodiment, the first box forms a recalculated replacement box.
According to an embodiment:
the blocks of a first box are copied into a second box;
successively for each block of the second box:
the rank of the current block is submitted to the permutation and the result is combined with the third mask;
the current block of the first box is replaced with the combination of the second mask and the block of the second box identified by the result of the permutation; and
successively for each block of the first box:
the rank of the current block is submitted to the permutation and the result is combined with the fourth mask;
the current block of the second box is replaced with the block of the first box identified by the result of the permutation.
According to an embodiment, the method comprises the steps of:
copying the blocks of the first box into a second box;
successively for each block of the second box:
in a first step, applying the permutation to the rank of the current block, combining the result with the first mask and storing the result in a first variable;
in a second step, storing in a second variable the combination of the second mask with the block of the second box whose rank is the result of applying the permutation to the rank of the current block; and
storing the result of the second step in the block of the first box identified by the result of the first step.
Successively for each block of the first box:
in a third step, applying the permutation to the rank of the current block, combining the result with the second mask and storing the result in the first variable;
in a fourth step, storing in the second variable the block of the first box whose rank is the result of applying the permutation to the current rank; and
storing the result of the fourth step in the block of the second box identified by the result of the third step.
According to an embodiment, the second box forms a recalculated replacement box.
In an embodiment, a method includes: during the processing of data by an electronic circuit, protecting the electronic circuit against side-channel attacks by: masking each block of data to be processed with a first mask; applying a non-linear block substitution operation based on a substitution box to the masked data; and demasking the result of the non-linear block substitution with a second mask, wherein the substitution boxes are recalculated block by block before the non-linear substitution operation is applied, the order in which the blocks of the substitution boxes are processed being subject to a permutation which is exchangeable with the non-linear substitution operation. In an embodiment, the method comprises, successively for each block of the substitution box: submitting the rank of the block to the permutation and combining the permuted rank with the first mask; submitting the block to the permutation and combining the permuted block with the second mask; and replacing the block whose rank equals the combination of the permuted rank and the first mask with the combination of the permuted block and the second mask. In an embodiment, the method comprises, successively for each block of the substitution box: applying the permutation to the rank of the current block; combining the permuted rank with the first mask; storing the value of that combination in a first variable; applying the permutation to the current block of the substitution box; combining the permuted block with the second mask; storing the value of that combination in a second variable; and replacing the block of the substitution box whose rank is the stored value of the first variable with the stored value of the second variable. In an embodiment, the mask is a random number. In an embodiment, the mask has the same size as the block.
In an embodiment, the combination is of the XOR type. In an embodiment, the processing includes applying an Advanced Encryption Standard (AES) algorithm. In an embodiment, the processing includes applying the Rijndael algorithm. In an embodiment, the permutation is a random permutation that is exchangeable with the non-linear substitution operation.
In an embodiment, an apparatus includes: one or more memories; and digital signal processing circuitry which, in operation, protects the apparatus against side-channel attacks during the processing of data by: masking each block of data to be processed with a first mask; applying a non-linear block substitution operation based on a substitution box to the masked data; and demasking the result of the non-linear block substitution with a second mask, wherein the digital signal processing circuitry is operative to recalculate the substitution boxes block by block before applying the non-linear substitution operation, the order in which the blocks of the substitution boxes are processed being subject to a permutation, and the permutation being exchangeable with the non-linear substitution operation. In an embodiment, recalculating the substitution box comprises, successively for each block of the substitution box: submitting the rank of the block to the permutation and combining the permuted rank with the first mask; submitting the block to the permutation and combining the permuted block with the second mask; and replacing the block whose rank equals the combination of the permuted rank and the first mask with the combination of the permuted block and the second mask.
In an embodiment, the one or more memories comprise one or more registers, and recalculating the substitution box comprises, successively for each block of the substitution box: applying the permutation to the rank of the current block; combining the permuted rank with the first mask; storing the value of that combination in the one or more registers; applying the permutation to the current block of the substitution box; combining the permuted block with the second mask; storing the value of that combination in the one or more registers; and replacing the block of the substitution box whose rank equals the stored combination of the permuted rank and the first mask with the stored combination of the permuted block and the second mask. In an embodiment, the mask is a random number having the same size as the block. In an embodiment, the combination is of the XOR type. In an embodiment, the processing includes applying an Advanced Encryption Standard (AES) algorithm to the data. In an embodiment, the processing includes applying the Rijndael algorithm to the data. In an embodiment, the permutation is a random permutation that is exchangeable with the non-linear substitution operation.
In an embodiment, a system comprises: a bus system; and digital signal processing circuitry which, in operation, protects the apparatus against side-channel attacks during the processing of data by: masking each block of data to be processed with a first mask; applying a non-linear block substitution operation based on a substitution box to the masked data; and demasking the result of the non-linear block substitution with a second mask, wherein the digital signal processing circuitry is operative to recalculate the substitution boxes block by block before applying the non-linear substitution operation, the order in which the blocks of the substitution boxes are processed being subject to the permutation, and the permutation being exchangeable with the non-linear substitution operation. In an embodiment, the system comprises an integrated circuit comprising the digital signal processing circuitry and one or more registers. In an embodiment, the system comprises cellular telephone circuitry coupled to the digital signal processing circuitry.
The foregoing is discussed in detail in the following non-limiting description of specific embodiments in conjunction with the accompanying drawings.
Drawings
Fig. 1 illustrates, in a simplified diagram, an AES-type algorithm;
Fig. 2 schematically shows, in block form, an example of masking of substitution boxes for block encryption;
Fig. 3 schematically shows, in block form, an example of masking of a substitution box recalculated in random order;
Fig. 4 schematically shows, in block form, an embodiment of a method of protecting the execution of an AES algorithm;
Fig. 5 schematically shows, in block form, another embodiment of a method of protecting the execution of an AES algorithm;
Fig. 6 schematically shows, in block form, a further embodiment of a method of protecting the execution of an AES algorithm; and
Fig. 7 shows an example of an electronic circuit for implementing the described methods.
Detailed Description
The same reference numbers have been used in different drawings to identify the same elements, unless the context indicates otherwise. In particular, structural and/or functional elements common to different embodiments may be referred to with the same reference numerals and may have the same structure, dimensions and material properties. For purposes of clarity, only those steps and elements that are useful for understanding the described embodiments have been shown and will be described in detail. In particular, the application of the performed encryption/decryption or of the electronic circuit on which it is performed has not been described in detail, the described embodiments being compatible with common applications.
Embodiments will be described hereinafter with respect to examples of application to AES. However, all of the description hereinafter applies generally to any block algorithm involving a non-linear replacement operation, such as the Rijndael type algorithm.
AES is typically performed by an integrated circuit, either through a wired-logic state machine or by means of a microprocessor executing a program stored in memory (typically ROM). The algorithm uses a secret key, specific to the integrated circuit or to the user, which is processed in order to encrypt the data. More precisely, AES applies the same transformation several times in succession to a word or data code divided into blocks, based on different encryption subkeys derived from a binary word forming the key.
AES is often used in microcircuit cards, decoders, cell phones, or other types of electronic devices.
Fig. 1 illustrates, in a simplified diagram, an AES-type algorithm. Only encryption will be described; decryption involves the inverse transformations. For more details, reference can be made to the book "The Design of Rijndael" by Joan Daemen and Vincent Rijmen (Springer-Verlag, ISBN 3-540-42580-2) and to the AES standard (FIPS PUB 197).
The algorithm encrypts a word or code T0 having a determined number of bits into another word or code Tn of the same size. The data (message) to be processed is divided into several words or codes all having the same size (128 bits for AES). Encryption and decryption rely on a secret key whose length (128, 192 or 256 bits for AES) conditions the security of the encryption.
In practice, each step of the AES process operates on an array of four rows and four columns representing a word, each element of which is a byte or block of the 128-bit code being processed. To simplify the following description, reference will be made, for each step, to a state in the form of an array. The example taken is the AES algorithm applied to 32-bit words divided into bytes, which corresponds to the most frequent case.
The process starts by generating 11, 13 or 15 subkeys, each also comprising 128 bits, from a secret key of 128, 192 or 256 bits respectively. These subkeys are intended to be used by the algorithm described in relation to Fig. 1.
Starting from an initial state T0 (block 10, state initialization) of the code or data word to be encrypted.
The first phase of AES is an operation consisting of an XOR-type combination (noted + in the figure) of the initial state T0 with the first subkey K0 (block 11, ADDROUNDKEY). A first intermediate state T1 is obtained. In practice, the operations are performed byte by byte.
The second phase comprises performing a plurality of rounds or loops, each round i involving the same transformation M of the state Ti-1 obtained at the previous round and of the current subkey Ki. The number of rounds of the transformation M corresponds to n-1, that is, the number n+1 of derived subkeys minus 2. Each round transformation M consists of four operations applied in succession.
The first operation (block 12, shift) includes performing a rotation of the last three rows of the array. Typically, the first row of the array remains unchanged, the second row is rotated by one byte, the third row is rotated by two bytes, and the fourth row is rotated by three bytes.
The second operation of the round transformation M (block 13, SUBBYTES) is a non-linear transformation in which each byte of the array forming the current state is replaced with its image taken from a substitution box, generally called SBOX. The substitution box is obtained by combining two transformations. The first transformation inverts the byte under consideration (element of the array) in the finite field of order 2^8 (corresponding to a byte), byte 00 forming its own image. This inversion is followed by an affine transformation.
The third operation of the round transformation M (block 14, MIXCOLUMNS) consists in considering each column of the array resulting from the previous step as a polynomial over the finite field of order 2^8, and in multiplying each of these polynomials by a combination polynomial modulo another polynomial.
The fourth and last operation of the round transformation M of rank i (block 15, ADDROUNDKEY) consists in applying the subkey Ki to the array resulting from the previous state, to obtain an array in which each byte of the array resulting from the previous state has been combined bit by bit, by XOR, with a byte k, or Ki(j, l), of the subkey Ki, j representing the rank (between 0 and 3) of the row in the array and l the rank (between 0 and 3) of the column in the array. Operation 15 is the same as operation 11 of the first phase of the encryption, but is performed with a different subkey.
At the end of operation 15, for the round of rank i, the state Ti = M(Ki, Ti-1) is obtained. Operations 12 to 15 are repeated n-1 times, that is, after operation 15, the process returns to operation 12 to perform a new round with the next subkey.
The third phase of AES comprises a final round comprising operations 12, 13 and 15 of the round transformation M, without the third one (MIXCOLUMNS), with the last subkey Kn-1 as the key for operation 15.
The state Tn = M'(Kn, Tn-1) is then obtained. The result may be shaped (block 16, result form) for subsequent use.
The order of operations 12, 13, 14 and 15 in the round transformation M may be changed. For example, the introduction of the subkey (step 15) may be performed before the substitution operation 13.
Different countermeasures have been provided to reduce the sensitivity of AES-type algorithm processing to side-channel attacks and in particular to attacks through analysis of the current consumption of the circuitry executing the algorithm.
Typically, such countermeasures mask the computation by introducing a random number at specific steps considered to be sensitive. In particular, the substitution box is considered an attack-sensitive step because of the non-linear nature of the operation it performs. The substitution box typically corresponds to an array of 256 entries that has been precomputed and is then read from storage memory 16 times for each round of the AES algorithm. In some cases, the stored box combines the results of the substitution box (SBOX) and of the column transformation MIXCOLUMNS, so that the stored box applies both transformations to the bytes of each state.
To mask the substitution boxes, a masked substitution box to be used in the round transformation is recalculated. Masking the substitution box applies a mask which must then be taken into account in the computation in order to unmask the encrypted result.
Fig. 2 schematically shows an example of a mask of a substitution box encrypting a block in the form of a block.
In the example of Fig. 2, it is assumed that the substitution (step 13 of Fig. 1) is performed after the addition of the round key (step 15). In addition, step 14 (MIXCOLUMNS) is considered to be integrated into the substitution operation, that is to say the substitution box performs both operations 13 and 14. For simplicity, operation 12 (SHIFT) is not considered.
The process starts by defining two masks (random numbers) m and m', respectively for masking and for unmasking (block 20, m = random number; block 21, m' = random number). The numbers m and m' are bytes.
Thereafter, successively for each byte S[ω] of rank ω of the substitution box S, the rank ω is combined by XOR (noted as a bitwise addition +) with the mask m (block 22, z = ω + m), the result being placed in a temporary variable z. Then (block 23, z' = S[ω] + m'), the byte S[ω] is combined with the mask m', the result being placed in a temporary variable z'. Then (block 24, S'[z] = z'), the value contained in the variable z' is assigned to the byte S'[z] of rank z of the substitution box S'.
For example, a counter ω is initialised to 0 (block 27, ω = 0) and incremented by 1 at each processing of a byte of the box S (block 28, ω = ω + 1) as long as all the bytes have not been processed (output N of block 29, ω = n-1?).
Once the n bytes S[ω] of the substitution box S have been processed (output Y of block 29), the masked substitution box S' is used to process the message byte by byte (block by block).
Thus, each byte t of the message is combined by XOR with the mask m (block 31, t = t + m), the result being placed in the variable t (overwriting the byte t); it is then combined by XOR with the byte k of the subkey, again overwriting the variable t (block 32, t = t + k), and then replaced with its image S'[t] in the masked substitution box S' (block 33, t = S'[t]). The variable t containing the image S'[t] is then demasked by combining it by XOR with the mask m' (block 34, t = t + m'). The content of the variable t is then returned (block 35).
Steps 31 to 35 are repeated for all bytes t of the message.
The calculation illustrated in fig. 2 is also programmed as follows:
m <- random number (block 20)
m' <- random number (block 21)
For ω = 0 to n-1 (block 27, output "no" of block 29, block 28):
    z <- ω + m (block 22)
    z' <- S[ω] + m' (block 23)
    S'[z] <- z' (block 24)
End loop (output "yes" of block 29)
t <- t + m (block 31)
t <- t + k (block 32)
t <- S'[t] (block 33)
t <- t + m' (block 34)
Return t (block 35).
So-called second-order (or higher-order) DPA attacks make AES implementations vulnerable even when they use random masks. A second-order DPA attack consists in isolating, in the same current trace, the signature of the mask from the signature of the masked data (the box, in the case of AES). By combining the signatures and, in the case of AES, by repeating the attack several times, the mask (random number) can be found directly or indirectly.
To improve the protection of the substitution boxes against these types of attacks, the order in which the substitution box S is recomputed to obtain the masked box S' may be shuffled.
For example, a random permutation φ is used which defines the order in which the bytes S[ω] of the substitution box are masked with the numbers m and m'.
Fig. 3 schematically shows, in the form of blocks, an example of masking of a substitution box recomputed in random order.
As compared to the method described in relation to fig. 2, this amounts to selecting (block 25, φ = random permutation) a random permutation φ applicable to the n arrangements ω, and to replacing, in steps 22 and 23, the arrangement ω of the bytes of the substitution box by the result φ(ω) of applying the permutation function φ to the arrangement ω (block 22', z = φ(ω) + m, and block 23', z' = S[φ(ω)] + m'). This amounts to modifying the order in which the bytes of the substitution box are recomputed, and thus masked. As illustrated, the other steps described in relation to fig. 2 are not modified.
The computation illustrated in fig. 3 may also be written as follows:
m <- random number (block 20)
m' <- random number (block 21)
φ <- random permutation (block 25)
For ω = 0 to n-1 (block 27, output "no" of block 29, block 28):
    z <- φ(ω) + m (block 22')
    z' <- S[φ(ω)] + m' (block 23')
    S'[z] <- z' (block 24)
End loop (output "yes" of block 29)
t <- t + m (block 31)
t <- t + k (block 32)
t <- S'[t] (block 33)
t <- t + m' (block 34)
Return t (block 35).
However, the inventors have noted a weakness that makes this strategy vulnerable to higher-order DPA attacks.
This vulnerability comes from the actual masking of the substitution box. Indeed, the random permutation φ being unknown has the advantage that the value of the arrangement ω processed in the loop (blocks 22', 23', 24) remains unknown to a possible attacker. However, the current arrangement φ(ω) is manipulated twice in each iteration (steps 22' and 23'). An attacker can thus exploit the security "hole" linked to these two manipulations per iteration of the current arrangement ω. In particular, at step 23', the function φ is applied over the whole substitution box, that is, in practice, 256 times, which represents as many holes. By combining the results of steps 22' and 23', the contribution of the function φ is eliminated. The attack on step 32, although more complex than in fig. 2, becomes effective again.
Indeed, the embodiment of fig. 3 does solve the problem of second-order attacks on the value of the mask m. However, a third-order attack enables the secret to be found as soon as the attacker can identify steps 22' and 23' in the current trace, which is thus a point of vulnerability.
In an embodiment, it is desired to assess the resistance of the electronic circuit to attacks as described above. For this purpose, an attack is executed and it is detected whether it is effective.
Embodiments facilitate improving the resistance of the Rijndael type block encryption algorithm to side channel attacks.
In an embodiment, the operation of step 22' (fig. 3) does not appear in the recomputation of the box.
In an embodiment, the random number m is divided into two parts and the masking of the substitution box is performed in two steps. Fig. 4 schematically shows, in the form of blocks, an example embodiment.
One starts by defining two masks (random numbers) m1 and m2 such that their XOR combination corresponds to a random number m (the number to be used at step 31) (block 41, m1 = random number), (block 42, m2 = random number, m = m1 + m2). As before, a random unmasking value m' (block 21, m' = random number) and a random permutation applicable to the n arrangements ω (block 25, φ = random permutation) are then defined. The masks m1, m2, m and m' are bytes. The masked substitution box S' is also initialized with the value of the unmasked substitution box S (block 43, S' = S). The order of steps 21 and 43 (or 43 and 21) with respect to steps 41 and 42 is not important.
The recomputation of the substitution box is then divided into two loops, the first using the random number m1 on the box S' and the second using the random number m2 on the box S resulting from the first loop.
Thus, successively for each byte S'[ω] of arrangement ω of the substitution box S', the permutation function φ is applied to the arrangement ω and the result φ(ω) is combined by XOR with the mask m1 (block 44, z = φ(ω) + m1), the result being placed in the temporary variable z. Then (block 45, z' = S'[φ(ω)] + m'), the byte S'[φ(ω)] is combined with the mask m', the result being placed in the temporary variable z'. Then (block 46, S[z] = z'), the value contained in the variable z' is assigned to the byte S[z] of arrangement z of the unmasked substitution box S.
For example, the counter ω is initialized to 0 (block 27, ω = 0) and incremented by 1 at each processing of a byte of the box S' (block 28, ω = ω + 1), as long as all the bytes have not been processed (output "no" of block 29, ω = n-1?).
Once the n bytes S'[ω] of the substitution box S' initialized at step 43 have been processed using the part m1 of the number m (output "yes" of block 29), the bytes of the substitution box S resulting from the first loop are in turn masked using the part m2.
Thus, successively for each byte S[ω] of arrangement ω of the substitution box S, the permutation function φ is applied to the arrangement ω and the result φ(ω) is combined by XOR with the mask m2 (block 47, z = φ(ω) + m2), the result being placed in the temporary variable z. Then (block 48, z' = S[φ(ω)]), the byte S[φ(ω)] of the substitution box S resulting from the first loop is placed in the temporary variable z'. Then (block 24, S'[z] = z'), the value contained in the variable z' is assigned to the byte S'[z] of arrangement z of the masked substitution box S'.
For example, for the second loop, the counter ω is initialized to 0 again (block 27', ω = 0) and incremented by 1 (block 28, ω = ω + 1) at each processing of a byte of the box S resulting from the first loop, as long as all the bytes have not been processed (output "no" of block 29', ω = n-1?).
Once the n bytes S[φ(ω)] of the substitution box S resulting from the first loop have been processed using the part m2 of the number m (output "yes" of block 29), the resulting masked substitution box S' is used to process the message byte by byte (block by block) and to perform steps 31 to 35 as described in relation to figs. 2 and 3.
The computation illustrated in fig. 4 may also be written as follows:
m1 <- random number (block 41)
m2 <- random number (block 42)
m' <- random number (block 21)
S' <- S (block 43)
φ <- random permutation (block 25)
For ω = 0 to n-1 (block 27, output "no" of block 29, block 28):
    z <- φ(ω) + m1 (block 44)
    z' <- S'[φ(ω)] + m' (block 45)
    S[z] <- z' (block 46)
End loop (output "yes" of block 29)
For ω = 0 to n-1 (block 27', output "no" of block 29', block 28'):
    z <- φ(ω) + m2 (block 47)
    z' <- S[φ(ω)] (block 48)
    S'[z] <- z' (block 24)
End loop (output "yes" of block 29')
t <- t + m (block 31 of fig. 3)
t <- t + k (block 32 of fig. 3)
t <- S'[t] (block 33 of fig. 3)
t <- t + m' (block 34 of fig. 3)
Return t (block 35 of fig. 3).
Fig. 5 schematically shows an embodiment in the form of blocks.
One starts by defining two masks (random numbers) m1 and m2 such that their XOR combination corresponds to a random number m (the number to be used at step 31) (block 41, m1 = random number), (block 42, m2 = random number, m = m1 + m2). As before, a random unmasking value m' (block 21, m' = random number) and a random permutation applicable to the n arrangements ω (block 25, φ = random permutation) are defined. The masks m1, m2, m and m' are bytes. The order of steps 21 and 43 (or 43 and 21) with respect to steps 41 and 42 is not important.
The recomputation of the substitution box is split into two loops, the first using the random number m1 on the box S and the second using the random number m2 on the box S' resulting from the first loop.
Thus, successively for each byte S[ω] of arrangement ω of the substitution box S, the permutation function φ is applied to the arrangement ω and the result φ(ω) is combined by XOR with the mask m1 (block 44, z = φ(ω) + m1), the result being placed in the temporary variable z. Then (block 23', z' = S[φ(ω)] + m'), the byte S[φ(ω)] is combined with the mask m', the result being placed in the temporary variable z'. Then (block 24, S'[z] = z'), the value contained in the variable z' is assigned to the byte S'[z] of arrangement z of the masked substitution box S'.
For example, the counter ω is initialized to 0 (block 27, ω = 0) and incremented by 1 at each processing of a byte of the box S (block 28, ω = ω + 1), as long as all the bytes have not been processed (output "no" of block 29, ω = n-1?).
Once the n bytes S[ω] of the substitution box S have been processed using the part m1 of the number m (output "yes" of block 29), the bytes of the substitution box S' resulting from the first loop are in turn masked using the part m2.
Thus, successively for each byte S'[ω] of arrangement ω of the substitution box S', the permutation function φ is applied to the arrangement ω and the result φ(ω) is combined by XOR with the mask m2 (block 47, z = φ(ω) + m2), the result being placed in the temporary variable z. Then (block 48, z' = S'[φ(ω)]), the byte S'[φ(ω)] of the substitution box S' resulting from the first loop is placed in the temporary variable z'. Then (block 49, S[z] = z'), the value contained in the variable z' is assigned to the byte S[z] of arrangement z of the substitution box S.
For example, for the second loop, the counter ω is initialized to 0 again (block 27', ω = 0) and incremented by 1 (block 28', ω = ω + 1) at each processing of a byte of the box S' resulting from the first loop, as long as all the bytes have not been processed (output "no" of block 29', ω = n-1?).
Once the n bytes S'[ω] of the substitution box S' resulting from the first loop have been processed using the part m2 of the number m (output "yes" of block 29'), the resulting substitution box S, which here forms the masked substitution box, is used to process the message byte by byte (block by block). Thus, step 33 described in relation to figs. 2 and 3 takes the bytes from the box S instead of from the box S' (block 33', t = S[t]). As illustrated, steps 31, 32, 34 and 35 are not modified with respect to the embodiments of figs. 2 and 3.
As compared to the embodiment of fig. 4, the initialization of the box S' (block 43 of fig. 4) is dispensed with.
The computation illustrated in fig. 5 may also be written as follows:
m1 <- random number (block 41)
m2 <- random number (block 42)
m' <- random number (block 21)
φ <- random permutation (block 25)
For ω = 0 to n-1 (block 27, output "no" of block 29, block 28):
    z <- φ(ω) + m1 (block 44)
    z' <- S[φ(ω)] + m' (block 23')
    S'[z] <- z' (block 24)
End loop (output "yes" of block 29)
For ω = 0 to n-1 (block 27', output "no" of block 29', block 28'):
    z <- φ(ω) + m2 (block 47)
    z' <- S'[φ(ω)] (block 48')
    S[z] <- z' (block 49)
End loop (output "yes" of block 29')
t <- t + m (block 31 of fig. 3)
t <- t + k (block 32 of fig. 3)
t <- S[t] (block 33')
t <- t + m' (block 34 of fig. 3)
Return t (block 35 of fig. 3).
The fact that the mask m is divided into two parts m1 and m2 and that the computation of the substitution box is performed twice makes the attack more difficult.
In an embodiment, a permutation function that is exchangeable (commutes) with the substitution operation is used during the recomputation of the substitution box. Fig. 6 schematically shows, in the form of blocks, such an embodiment.
As in fig. 2, one starts by defining two masks (random numbers) m and m', respectively a masking mask and an unmasking mask (block 20, m = random number), (block 21, m' = random number).
Then (block 25', γ = random permutation, γ∘S = S∘γ), a random permutation γ that is exchangeable with the substitution box is selected.
Then, successively for each byte S[ω] of arrangement ω of the substitution box S, the permutation function γ is applied to the arrangement ω and the result γ(ω) is combined by XOR with the mask m (block 51, z = γ(ω) + m), the result being placed in the temporary variable z. Then (block 52, z' = γ(S[ω]) + m'), the result of applying the function γ to the byte S[ω] is combined with the mask m', the result being placed in the temporary variable z'. Then (block 24, S'[z] = z'), the value contained in the variable z' is assigned to the byte S'[z] of arrangement z of the masked substitution box S'. As in the previous embodiments, for example, the counter ω is initialized to 0 (block 27, ω = 0) and incremented by 1 at each processing of a byte S[ω] of the box S (block 28, ω = ω + 1), as long as all the bytes have not been processed (output "no" of block 29, ω = n-1?).
Once the n bytes S[ω] of the substitution box S have been processed (output "yes" of block 29), the resulting masked substitution box S' is used to process the message byte by byte (block by block) and to perform steps 31 to 35 as described in relation to figs. 2 and 3.
As compared to fig. 3, the value γ(ω) appears only once per iteration. It therefore cannot be combined within a loop to exploit the current trace. However, since the function γ is exchangeable with the substitution operation S, the result of step 52 is the same as that of step 23' of fig. 3, which allows the demasking.
The calculation illustrated in fig. 6 may also be written as follows:
m <- random number (block 20)
m' <- random number (block 21)
γ <- random permutation exchangeable with the substitution operation S (block 25')
For ω = 0 to n-1 (block 27, output "no" of block 29, block 28):
    z <- γ(ω) + m (block 51)
    z' <- γ(S[ω]) + m' (block 52)
    S'[z] <- z' (block 24)
End loop (output "yes" of block 29)
t <- t + m (block 31)
t <- t + k (block 32)
t <- S'[t] (block 33)
t <- t + m' (block 34)
Return t (block 35).
In an embodiment, any power of the substitution box (the composition of S with itself a number of times, which may be random) may be used as the function γ exchangeable with the substitution operation.
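The following C program is an added example (not code from the patent or from STMicroelectronics): it derives the Rijndael S-box from its GF(2^8) definition, performs the recomputations of figs. 3, 4 and 6 (fig. 2 is the fig. 3 case with φ = identity; fig. 5 differs from fig. 4 only in which table each loop writes) and checks that each masked box satisfies S'[x + m] = S[x] + m', so that steps 31 to 35 return S[t + k]. The pseudo-random generator, the permutation φ and the choice γ = S∘S (a power of S) are constructed for the example; a real circuit would draw m, m' and φ from its random number generator.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Forward Rijndael S-box, derived at run time from its definition
 * (GF(2^8) multiplicative inverse followed by the affine transform). */
static uint8_t S[256];

static uint8_t gf_mul(uint8_t a, uint8_t b) {              /* product in GF(2^8) */
    uint8_t p = 0;
    for (; b; b >>= 1) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));  /* reduce mod x^8+x^4+x^3+x+1 */
    }
    return p;
}

void sbox_init(void) {
    int x, i;
    for (x = 0; x < 256; x++) {
        uint8_t inv = 1, y;
        for (i = 0; i < 254; i++) inv = gf_mul(inv, (uint8_t)x); /* x^254 = x^-1; 0 -> 0 */
        y = inv;
        for (i = 1; i <= 4; i++) y ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
        S[x] = y ^ 0x63;
    }
}

/* Constructed deterministic generator (example only, reproducible); a real circuit
 * draws m, m' and the permutation from its hardware random number generator. */
static uint32_t prng_state = 0x12345678u;
uint8_t prng_byte(void) {
    prng_state = prng_state * 1664525u + 1013904223u;
    return (uint8_t)(prng_state >> 24);
}

/* Random permutation phi of 0..255: Fisher-Yates shuffle of the identity */
void random_permutation(uint8_t phi[256]) {
    int i;
    for (i = 0; i < 256; i++) phi[i] = (uint8_t)i;
    for (i = 255; i > 0; i--) {
        int j = (prng_byte() * (i + 1)) >> 8;                /* 0 <= j <= i */
        uint8_t t = phi[i]; phi[i] = phi[j]; phi[j] = t;
    }
}

/* Fig. 3 (blocks 22', 23', 24): S'[phi(w) + m] <- S[phi(w)] + m'; fig. 2 is phi = identity */
void recompute_fig3(uint8_t Sp[256], const uint8_t phi[256], uint8_t m, uint8_t mp) {
    int w;
    for (w = 0; w < 256; w++) Sp[phi[w] ^ m] = S[phi[w]] ^ mp;
}

/* Fig. 4 (blocks 43, 44-46, 47-48, 24): m = m1 + m2 is applied in two loops.
 * W plays the role of the box S that the patent overwrites in the first loop. */
void recompute_fig4(uint8_t Sp[256], const uint8_t phi[256],
                    uint8_t m1, uint8_t m2, uint8_t mp) {
    uint8_t W[256];
    int w;
    memcpy(Sp, S, 256);                                       /* block 43: S' <- S */
    for (w = 0; w < 256; w++) W[phi[w] ^ m1] = Sp[phi[w]] ^ mp; /* blocks 44, 45, 46 */
    for (w = 0; w < 256; w++) Sp[phi[w] ^ m2] = W[phi[w]];      /* blocks 47, 48, 24 */
}

/* Fig. 6 (blocks 51, 52, 24): gamma commutes with S, so gamma(S[w]) = S[gamma(w)]
 * and each value gamma(w) is manipulated only once per iteration. */
void recompute_fig6(uint8_t Sp[256], const uint8_t gamma[256], uint8_t m, uint8_t mp) {
    int w;
    for (w = 0; w < 256; w++) Sp[gamma[w] ^ m] = gamma[S[w]] ^ mp;
}

/* A power of S, here S o S, commutes with S and can therefore serve as gamma */
void sbox_square(uint8_t gamma[256]) {
    int x;
    for (x = 0; x < 256; x++) gamma[x] = S[S[x]];
}

/* Blocks 31 to 35: masked SubBytes of one message byte t with sub-key byte k */
uint8_t masked_subbytes(const uint8_t Sp[256], uint8_t t, uint8_t k, uint8_t m, uint8_t mp) {
    t ^= m;                                                   /* block 31 */
    t ^= k;                                                   /* block 32 */
    t = Sp[t];                                                /* block 33 */
    return t ^ mp;                                            /* blocks 34, 35 */
}

/* Functional check of a recomputed box: S'[x + m] == S[x] + m' for every x,
 * which is what makes the demasking of block 34 exact. */
int masked_box_ok(const uint8_t Sp[256], uint8_t m, uint8_t mp) {
    int x;
    for (x = 0; x < 256; x++)
        if (Sp[(uint8_t)(x ^ m)] != (S[x] ^ mp)) return 0;
    return 1;
}

int main(void) {
    uint8_t phi[256], gamma[256], Sp[256];
    uint8_t m1 = prng_byte(), m2 = prng_byte(), m = m1 ^ m2, mp = prng_byte();
    sbox_init(); random_permutation(phi); sbox_square(gamma);
    recompute_fig3(Sp, phi, m, mp);      printf("fig. 3 box ok: %d\n", masked_box_ok(Sp, m, mp));
    recompute_fig4(Sp, phi, m1, m2, mp); printf("fig. 4 box ok: %d\n", masked_box_ok(Sp, m, mp));
    recompute_fig6(Sp, gamma, m, mp);    printf("fig. 6 box ok: %d\n", masked_box_ok(Sp, m, mp));
    printf("S[0x53] = %02x, masked lookup = %02x\n", S[0x53], masked_subbytes(Sp, 0x53, 0, m, mp));
    return 0;
}
```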
Implementing the verification embodiment (executing an attack and detecting whether it is effective) makes it possible to verify whether one of the countermeasures described in relation to figs. 4 to 6 is implemented by an electronic circuit.
In practice, the different values, bytes, variables, etc. are physically stored in one or more registers of the electronic circuit, and the contents of these registers may be read and/or written according to control signals depending on the method steps. The electronic circuit is, for example, a processor executing the described algorithm, having input registers and output registers and configured to manipulate the different values. The calculation and substitution steps are performed, for example, by elements integrated into the wired logic of the processor.
Fig. 7 very schematically shows an example of an electronic circuit 6 of the type to which the described embodiments apply.
The circuit 6 includes:
a calculation unit 61(UC), for example a state machine, a microprocessor, a programmable logic circuit, or the like, comprising or using registers 62 containing different variables for the calculation and arbitrarily shown in fig. 7 outside unit 61;
one or more volatile and/or non-volatile memory areas 63(MEM) for storing all or part of the data and keys;
one or more data buses, address buses and/or control buses 65 between the different elements inside the circuit 6 and an input-output interface 67(I/O) for communication with the outside of the circuit 6.
The circuit 6 may include various other circuits depending on the application, represented in fig. 7 by a block 69 (FCT). For example, block 69 may include circuitry (e.g., a controller, etc.) configured to subject the computational circuitry 61 to a side channel attack. Block 69 may be external to circuit 6.
Some embodiments may take the form of or include a computer program product. For example, according to one embodiment, a computer-readable medium is provided, comprising a computer program adapted to perform one or more of the methods or functions described above. The medium may be a physical storage medium such as a read-only memory (ROM) chip, or a magnetic disk such as a digital versatile disk (DVD-ROM), a compact disk (CD-ROM), a hard disk, a memory, a network, or a portable media item to be read by an appropriate drive or via an appropriate connection, including as a portable media item encoded in one or more bar codes or other associated codes stored on one or more such computer-readable media and readable by an appropriate reader device.
Additionally, in some embodiments, some or all of the methods and/or functions may be implemented or provided in other ways, such as at least partially in firmware and/or hardware, including but not limited to one or more Application Specific Integrated Circuits (ASICs), digital signal processors, discrete circuits, logic gates, standard integrated circuits, controllers (e.g., by executing appropriate instructions and including microcontrollers and/or embedded controllers), Field Programmable Gate Arrays (FPGAs), Complex Programmable Logic Devices (CPLDs), and the like, as well as devices employing RFID technology, and various combinations thereof.
Various embodiments have been described. Various changes and modifications will occur to those skilled in the art. In particular, the integration of the above steps in the round processing of the AES algorithm is within the abilities of one skilled in the art based on the above description. Finally, the practical implementation of the embodiments that have been described is within the abilities of one of ordinary skill in the art based on the functional indications given above.
Such alterations, modifications, and improvements are intended to be part of this disclosure, and are intended to be within the spirit and scope of the disclosure. Accordingly, the foregoing description is by way of example only and is not intended as limiting.
The various embodiments described above can be combined to provide further embodiments. Aspects of the embodiments can be modified, if necessary, to employ concepts of the various patents, applications and publications to provide yet further embodiments.
These and other changes to the embodiments can be made in light of the above detailed description. In general, in the following claims, the terms used should not be construed to limit the claims to the specific embodiments disclosed in the specification, but should be construed to include all possible embodiments falling within the full scope of equivalents of the claims. Accordingly, the claims are not limited by the disclosure.

Claims (20)

1. A method for protecting against a side-channel attack, comprising:
during processing of data by an electronic circuit, the electronic circuit is protected from side channel attacks by:
masking each block of data to be processed with a first mask;
applying a substitution box based non-linear block replacement operation to the masked data; and
demasking the result of the application of the non-linear block replacement with a second mask, wherein the substitution box is recalculated block by block before applying the non-linear block replacement operation, the order in which the blocks of the substitution box are processed being subject to a permutation, which is exchangeable with the non-linear block replacement operation.
2. The method of claim 1, comprising:
successively for each block in the replacement box:
submitting an arrangement of the blocks to the permutation and combining the permuted arrangement with the first mask;
submitting the blocks to the permutation and combining the permuted blocks with the second mask; and
replacing blocks having a permutation equal to the permuted combination of the permutation and the first mask with a combination of the permuted blocks and the second mask.
3. The method of claim 1, comprising:
successively for each block in the replacement box:
applying the permutation to the permutation of the current block;
combining the permuted permutation with the first mask;
storing the permuted value of the combination of the permutation and the first mask in a first variable;
applying the permutation to the current block of the replacement box;
combining the permuted blocks with the second mask;
storing a value of a combination of the permuted block and the second mask in a second variable; and
replacing the block of the replacement box having the stored value of the first variable as an arrangement with the stored value of the second variable.
4. The method of claim 1, wherein the first mask and the second mask are random numbers.
5. The method of claim 1, wherein the first mask and the second mask have a same size as a block.
6. A method according to claim 2 or 3, wherein said combination is of the XOR type.
7. The method of claim 1, wherein the processing comprises applying an Advanced Encryption Standard (AES) algorithm.
8. The method of claim 1, wherein the processing comprises applying a Rijndael algorithm.
9. The method of claim 1, wherein the permutation is a random permutation that is exchangeable with the non-linear block replacement operation.
10. An apparatus for protecting against side channel attacks, comprising:
one or more memories; and
digital signal processing circuitry operative to protect the device from side channel attacks during processing of data by:
masking each block of data to be processed with a first mask;
applying a substitution box based non-linear block replacement operation to the masked data; and
demasking the result of the application of the non-linear block replacement with a second mask, wherein the digital signal processing circuitry is operative to recalculate the replacement boxes block by block before applying the non-linear block replacement operation, the order in which the blocks of the replacement boxes are processed is subject to a permutation, and the permutation is exchangeable with the non-linear block replacement operation.
11. The apparatus of claim 10, wherein recalculating the replacement box comprises:
successively for each block in the replacement box:
submitting an arrangement of the blocks to the permutation and combining the permuted arrangement with the first mask;
submitting the blocks to the permutation and combining the permuted blocks with the second mask; and
replacing blocks having a permutation equal to the permuted combination of the permutation and the first mask with a combination of the permuted blocks and the second mask.
12. The apparatus of claim 10, wherein the one or more memories comprise one or more registers, and recalculating the replacement box comprises:
successively for each block in the replacement box:
applying the permutation to the permutation of the current block;
combining the permuted permutation with the first mask;
storing the permuted combined values of the permutation and the first mask in the one or more registers;
applying the permutation to a current block of the replacement box;
combining the permuted blocks with the second mask;
storing the permuted combined values of the block and the second mask in the one or more registers; and
replacing a block of the replacement box having an arrangement equal to the stored value of the combination of the permuted arrangement and the first mask with the stored value of the combination of the permuted block and the second mask.
13. The apparatus of claim 10, wherein the first mask and the second mask are random numbers having the same size as a block.
14. The apparatus according to claim 11 or 12, wherein the combination is of the XOR type.
15. The apparatus of claim 10, wherein the processing comprises applying an Advanced Encryption Standard (AES) algorithm to the data to be processed.
16. The apparatus of claim 10, wherein the processing comprises applying a Rijndael algorithm to the data to be processed.
17. The apparatus of claim 10, wherein the permutation is a random permutation that is exchangeable with the non-linear block replacement operation.
18. A system for protecting against side channel attacks, comprising:
a bus system; and
digital signal processing circuitry operative to protect the system from side channel attacks during processing of data by:
masking each block of data to be processed with a first mask;
applying a substitution box based non-linear block replacement operation to the masked data; and
demasking the result of said applying of said non-linear block replacement with a second mask, wherein said digital signal processing circuitry is operable to recalculate said substitution box block by block prior to applying said non-linear block replacement operation, the order in which the blocks of said substitution box are processed is subject to permutation, and said permutation is interchangeable with said non-linear block replacement operation.
19. The system of claim 18, comprising:
an integrated circuit comprising the digital signal processing circuitry and one or more registers.
20. The system of claim 18, comprising:
cellular telephone circuitry coupled to the digital signal processing circuitry.
CN201610104642.5A 2015-09-02 2016-02-25 DPA protection for RIJNDAEL algorithm Active CN106487497B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1558116A FR3040514B1 (en) 2015-09-02 2015-09-02 DPA PROTECTION OF A RIJNDAEL ALGORITHM
FR1558116 2015-09-02

Publications (2)

Publication Number Publication Date
CN106487497A CN106487497A (en) 2017-03-08
CN106487497B true CN106487497B (en) 2020-03-10

Family

ID=55135272

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610104642.5A Active CN106487497B (en) 2015-09-02 2016-02-25 DPA protection for RIJNDAEL algorithm

Country Status (4)

Country Link
US (1) US10210776B2 (en)
EP (1) EP3139364B1 (en)
CN (1) CN106487497B (en)
FR (1) FR3040514B1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3422176A1 (en) * 2017-06-28 2019-01-02 Gemalto Sa Method for securing a cryptographic process with sbox against high-order side-channel attacks
CN109299938B (en) * 2017-07-25 2023-05-02 紫光同芯微电子有限公司 Memory encryption device and method based on random mask protection
IT201700115266A1 (en) * 2017-10-12 2019-04-12 St Microelectronics Rousset ELECTRONIC DEVICE INCLUDING A DIGITAL MODULE TO ACCESS DATA ENCLOSED IN A MEMORY AND CORRESPONDING METHOD TO ACCESS DATA ENTERED IN A MEMORY
US11218291B2 (en) * 2018-02-26 2022-01-04 Stmicroelectronics (Rousset) Sas Method and circuit for performing a substitution operation
DE102018107114A1 (en) * 2018-03-26 2019-09-26 Infineon Technologies Ag Side channel hardened operation
US11032061B2 (en) * 2018-04-27 2021-06-08 Microsoft Technology Licensing, Llc Enabling constant plaintext space in bootstrapping in fully homomorphic encryption
US11632231B2 (en) * 2020-03-05 2023-04-18 Novatek Microelectronics Corp. Substitute box, substitute method and apparatus thereof
FR3108225B1 (en) * 2020-03-16 2022-11-11 St Microelectronics Rousset Fault detection by an electronic circuit
US11449606B1 (en) * 2020-12-23 2022-09-20 Facebook Technologies, Llc Monitoring circuit including cascaded s-boxes for fault injection attack protection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101009554A (en) * 2007-01-17 2007-08-01 华中科技大学 A byte replacement circuit for power consumption attack prevention
WO2009043139A1 (en) * 2007-10-01 2009-04-09 Research In Motion Limited Substitution table masking for cryptographic processes
CN102904716A (en) * 2011-07-26 2013-01-30 克罗科斯科技公司 Method of counter-measuring against side-channel attacks
CN102983964A (en) * 2012-12-28 2013-03-20 大唐微电子技术有限公司 method and device for improving digital encryption standard resisting differential power analysis

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7142670B2 (en) * 2001-08-14 2006-11-28 International Business Machines Corporation Space-efficient, side-channel attack resistant table lookups
US7403620B2 (en) * 2002-07-02 2008-07-22 Stmicroelectronics S.A. Cyphering/decyphering performed by an integrated circuit
JP4357815B2 (en) 2002-09-11 2009-11-04 株式会社東芝 Cryptographic operation circuit
FR2871969B1 (en) * 2004-06-18 2006-12-01 Sagem METHOD AND DEVICE FOR PERFORMING A CRYPTOGRAPHIC CALCULATION
CN101542558A (en) * 2007-05-30 2009-09-23 松下电器产业株式会社 Encryption device, decryption device, encryption method, and integrated circuit
JPWO2009072547A1 (en) 2007-12-05 2011-04-28 日本電気株式会社 Side channel attack resistance evaluation apparatus, method and program
FR2935503A1 (en) * 2008-08-28 2010-03-05 St Microelectronics Rousset PROTECTION OF AN ENCRYPTION ALGORITHM
FR2941342B1 (en) 2009-01-20 2011-05-20 Groupe Des Ecoles De Telecommunications Get Ecole Nat Superieure Des Telecommunications Enst CRYPTOGRAPHIC CIRCUIT PROTECTED AGAINST ATTACKS IN OBSERVATION, IN PARTICULAR OF HIGH ORDER.
FR2974693B1 (en) * 2011-04-26 2013-04-26 Cassidian Sas METHOD FOR APPLYING HIGH ENTROPY MASKING MEASURE IN A BLOCK ENCRYPTION ALGORITHM, AND LOGIC INTEGRATED CIRCUIT USING SUCH A METHOD
FR2985624B1 (en) 2012-01-11 2014-11-21 Inside Secure ENCRYPTION METHOD PROTECTED AGAINST AUXILIARY CHANNEL ATTACKS
US9118441B2 (en) * 2013-01-25 2015-08-25 Freescale Semiconductor, Inc. Layout-optimized random mask distribution system and method
US20160105276A1 (en) * 2014-10-10 2016-04-14 Qualcomm Incorporated Rotation-based cipher

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101009554A (en) * 2007-01-17 2007-08-01 华中科技大学 A byte replacement circuit for power consumption attack prevention
WO2009043139A1 (en) * 2007-10-01 2009-04-09 Research In Motion Limited Substitution table masking for cryptographic processes
CN102904716A (en) * 2011-07-26 2013-01-30 克罗科斯科技公司 Method of counter-measuring against side-channel attacks
CN102983964A (en) * 2012-12-28 2013-03-20 大唐微电子技术有限公司 method and device for improving digital encryption standard resisting differential power analysis

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Multi-variate High-order Attacks of Shuffled Tables Recomputation;Nicolas Bruneau等;《http://link.springer.com/chapter/10.1007%2F978-3-662-48324-4_24》;20150901;第1节到第4节 *
基于AES算法的智能卡攻击与防御的研究;冯艳;《中国优秀硕士学位论文全文数据库信息科技辑》;20131231;第5.1节和第5.3.2节 *

Also Published As

Publication number Publication date
EP3139364A1 (en) 2017-03-08
EP3139364B1 (en) 2018-01-17
FR3040514B1 (en) 2017-09-15
US10210776B2 (en) 2019-02-19
CN106487497A (en) 2017-03-08
FR3040514A1 (en) 2017-03-03
US20170063523A1 (en) 2017-03-02

Similar Documents

Publication Publication Date Title
CN106487497B (en) DPA protection for RIJNDAEL algorithm
CN106487498B (en) Verification of the resistance of an electronic circuit to side-channel attacks
CN106487499B (en) Protection of Rijndael algorithm
US11362802B2 (en) Cryptographic device arranged to compute a target block cipher
CN107005404B (en) Processor apparatus implementing executable white-box mask implementations of cryptographic algorithms
US8094816B2 (en) System and method for stream/block cipher with internal random states
US9418246B2 (en) Decryption systems and related methods for on-the-fly decryption within integrated circuits
KR20180002065A (en) A protection method and device against a side-channel analysis
US10176121B2 (en) Apparatus and method for memory address encryption
US9760737B2 (en) Techniques for integrated circuit data path confidentiality and extensions thereof
JP7076482B2 (en) How to secure cryptographic processes with SBOX from higher-order side-channel attacks
US9692592B2 (en) Using state reordering to protect against white box attacks
US11431491B2 (en) Protection of the execution of cipher algorithms
US9565018B2 (en) Protecting cryptographic operations using conjugacy class functions
CN108141352B (en) Cryptographic apparatus, method, apparatus and computer readable medium, and encoding apparatus, method, apparatus and computer readable medium
US9729319B2 (en) Key management for on-the-fly hardware decryption within integrated circuits
US8582757B2 (en) Protection of a ciphering algorithm
JP6890589B2 (en) Computational devices and methods
EP3286869B1 (en) High-speed aes with transformed keys
KR101203474B1 (en) Process of security of a unit electronic unit with cryptoprocessor
US11101824B2 (en) Encryption device and decryption device, and operation method thereof
US20220414268A1 (en) Protection of data processed by an encryption algorithm
US10678709B2 (en) Apparatus and method for memory address encryption

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant